search for: bbb51e42

Displaying 13 results from an estimated 13 matches for "bbb51e42".

2015 Mar 29
2
Invalid memory access / read stack overflow when reading config with zero bytes
...izer and valgrind output. Reproduce: dd if=/dev/zero of=zero bs=1 count=1 valgrind -q ssh -F zero x This was found while fuzzing ssh with american fuzzy lop. (Please CC me on replies, I'm not subscribed to the list.) cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42 -------------- next part -------------- A non-text attachment was scrubbed... Name: ssh-stackoverflow-asan.txt.gz Type: application/gzip Size: 958 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150329/44e47c50/attachment-0003.bin> -----------...
2015 Mar 29
4
Invalid memory access / read stack overflow when reading config with zero bytes
...OpenSSH is this? 6.8 portable on Linux. > Also, when reporting fuzzer-derived problems it really helps to > include the test-case. The "test case" is a one byte file containing a zero byte. But here it is :-) -- Hanno Böck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42
2015 Apr 26
0
[patch] TLS Handshake failures can crash imap-login
...openssl and dovecot latest (1.0.2a, 2.2.16) on a Gentoo. Please note that it's not dovecot itself that's crashing but pop3-login/imap-login. You don't note these if you haven't some kind of segfault reporting. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42
2015 Apr 26
0
[patch] TLS Handshake failures can crash imap-login
...sslv3 compiled in. I have been made aware, that we > have a fix for Dovecot in the works. No that's not true. I have explicitly tried that. You just need to *disable* SSLv3, but that can be done within the config file. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42
2015 Jun 27
0
Out of bounds read error in wildcard_match.c
...is can be fixed by changing ++mask to mask++ (and same for data), then there must be a -=2 instead of -- afterwards. See attached patch. I found this by compiling dovecot with address sanitizer and running the test suite. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42 -------------- next part -------------- A non-text attachment was scrubbed... Name: dovecot-2.2.18-oob-wildcard-match.diff Type: text/x-patch Size: 506 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20150627/7ef41c31/attachment.bin> -------------- next part -...
2014 Apr 25
2
separating logs by port
...ee which port my users use. I haven't found an easy way to detect that. The easiest thing would be if there'd be a way to add the port number to the pop3-login/imap-login lines in the log files. Any way to do that? cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42
2014 Jun 16
1
Problems with dovecot 2.2.13 and monit
...DoS-attack > modification, which has most probably unexpected side-effect. Maybe this is related to the DDoS-protection measures that have been added in dovecot 2.2.13. Would appreciate if someone could have a look. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42
2014 Jul 22
0
[patch] enable ECDH auto functions based on feature defines, not on version number
...it checks for the availability of the feature itself (by checking for the define of SSL_CTRL_SET_ECDH_AUTO). This should make this check more robust and work independently of the version number of the used openssl instance. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42 -------------- next part -------------- A non-text attachment was scrubbed... Name: dovecot-ecdh-auto.diff Type: text/x-patch Size: 3068 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20140722/93275cd4/attachment.bin> -------------- next part -------------- A...
2014 Jul 12
1
openssh portable and libressl portable cause recursion between arc4random and RAND_bytes
...e arc4random_stir()-function, I copied that back from the openssh-arc4random.c. Works so far, see attached patch. An alternative would be to check for the availability of arc4random in libcrypto and use that if available. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42 -------------- next part -------------- A non-text attachment was scrubbed... Name: openssh-arc4random.diff.gz Type: application/gzip Size: 3055 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140712/38ca69a7/attachment.bin> -------------- nex...
2015 Apr 26
2
[patch] TLS Handshake failures can crash imap-login
On 04/26/2015 04:07 PM, Florian Pritz wrote: > Since there are three people involved I kindly ask you to be more > specific as to who should provide which (exact) information. > > Given you ask for it right after quoting my link all I can tell you is > that I provide all the information you ask for (openssl version, crash > message) in the link you quoted. Sorry if I was not
2015 Mar 29
2
Invalid memory access / read stack overflow when reading config with zero bytes
On Mon, 30 Mar 2015, Damien Miller wrote: > On Mon, 30 Mar 2015, Hanno Böck wrote: > > > On Mon, 30 Mar 2015 09:19:02 +1100 (AEDT) > > Damien Miller <djm at mindrot.org> wrote: > > > > > What version of OpenSSH is this? > > > > 6.8 portable on Linux. > > That's strange - the line numbers in the valgrind stack trace don't >
2015 Apr 25
4
[patch] TLS Handshake failures can crash imap-login
On 04/25/2015 11:55 AM, James wrote: > On 24/04/2015 22:17, Hanno Böck wrote: > > Hello, > >> I tracked down a tricky bug in dovecot that can cause the imap-login >> and pop3-login processes to crash on handshake failures. >> This can be tested by disabling SSLv3 in the dovecot config >> (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and
2015 Apr 24
3
[patch] TLS Handshake failures can crash imap-login
...see attached patch. I think this should do it. I have seen that a bug that is probably rooted in this has been posted here before regarding ssl3-disabled configs: http://dovecot.org/pipermail/dovecot/2015-March/100188.html cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42 -------------- next part -------------- A non-text attachment was scrubbed... Name: dovecot-dont-crash-on-ssl-handshake-failure.diff Type: text/x-patch Size: 421 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20150424/bade681d/attachment.bin> -------------- n...